Qminder Is Now HIPAA-Compliant

In our blog, we usually share some noteworthy things about the industry and its big players. From customer service to queue management, we cover things that are, hopefully, as interesting to you as they are to us.

This time, however, we want to share with you not insight but some rather pleasant developments that have recently taken place. Namely, the fact that Qminder has been HIPAA-certified.

But while we bring you this piece of news, there are a couple of things we need to shine some light on. Things like “What is HIPAA?” and “How does HIPAA compliance benefit Qminder — or me?”

Let’s take it from the top.

What Is HIPAA

To answer the question of “What is HIPAA”, let’s pretend we’re Wikipedia for a moment.

HIPAA is the acronym for the Health Insurance Portability and Accountability Act. It was signed by then-President Bill Clinton and passed by Congress in 1996. HIPAA is a list of legislative requirements that oversee data privacy and security provisions for private medical information.

HIPAA has several specific goals, from providing continuous insurance to reducing administrative burdens. But the goal we’re most interested in right now is protection against fraudulent access to, abuse and mishandling of confidential patient information.

There are five separate sections in HIPAA:

Health Insurance Reform.

Administrative Simplification.

Tax-Related Health Provisions.

Application and Enforcement of Group Health Plan Requirements.

Revenue Offsets.

That’s a lot of dry bureaucratese, and we don’t blame you if you skimmed through some of the sections above. There’s but one section we should pay attention to, though — Title II: Administrative Simplification.

What kind of compliance requirements does Title II include? Basically, we can narrow it down to three rules: Privacy Rule, Security Rule, and Enforcement Rule.

The Privacy Rule — or the Standards for Privacy of Individually Identifiable Health Information, if you feel like falling asleep mid-sentence — sets national standards to protect patient health information.

Likewise, the Security Rule sets standards for patient data security, and the Enforcement Rule outlines the process for investigating violations of HIPAA compliance.

So in short, the Administrative Simplification title of HIPAA sets special standards for the secure and confidential handling of healthcare information that is stored or transferred electronically.

Taking in all of the above, what’s the big idea about HIPAA? Why was it necessary to put this act into law?

The Importance of HIPAA

HIPAA gained extra prominence after several cases of information breaches in some healthcare institutions across America. It was clear that something needed to be done by these institutions, and the reality pushed them towards certifying for HIPAA compliance.

The rule requires the placement of safeguards, both physical and electronic, to ensure the secure passage, maintenance and reception of protected information. That information includes:

A patient’s name, address, birth date, social security number, and other information that could be used to identify the patient.

The patient’s physical/mental health condition.

The specific services and care provided to the patient, as well as the payment for said services.

(It needs to be added that employment records are not considered private healthcare information under HIPAA.)

So now that we know which information needs to stay protected, the next question is, “How do we make that happen?”

Title II of HIPAA lays out some requirements for healthcare facilities to follow.

Firstly, there needs to be a person responsible for implementing procedures at the facility, including handling complaints. Employees must be trained on said procedures, and appropriate safeguards need to be instituted and maintained.

Oh, and while we’re on this point: patients have the right to receive, upon request, their own protected information. It’s self-explanatory and self-evident, but well, there you have it.

What Qminder’s HIPAA Compliance Means to You

HIPAA sets the standard for protecting sensitive patient data. Any company that deals with protected health information must ensure that all the required physical, network, and process security measures are in place and followed.

This includes covered entities — anyone who provides treatment, payment and operations in healthcare — and their business associates, meaning anyone who has access to patient information and provides support in treatment, payment or operations.

This, by the by, means Qminder as well.

The policies on saving, accessing and sharing medical and personal information apply to subcontractors too. To fully comply with HIPAA privacy requirements, these subcontractors need to have certain safeguards in place.

We’re talking about administrative, physical as well as technical safeguards to protect health data.

Physical safeguards are there to limit access to and use of both workstations and electronic media. This concerns all methods of transmitting data, whether it be email, Internet, or even over a private network, such as a private cloud.

Technical safeguards allow only authorized users to access electronic protected health data. Access control includes using unique user IDs, an emergency access procedure, automatic logoff, and encryption and decryption.

This also covers guidelines for data backups, so that patient information could be recovered in case of electronic failures.

All right, so once again, in plain English: what does our newly established HIPAA compliance mean to you?

You can fully trust us and trust our handling of sensitive patient information, as it stays encrypted and protected in a secure database, with no unauthorized outside access and no risk of data breaches.

“But wait!” you might say, “What about Qminder showing your name on a big screen for everyone in the waiting area to see?”

That’s right, Qminder’s central technology, a name-based calling approach which uses information entered by patients upon sign-in, is in full compliance with HIPAA regulations. The explanation is simple: It doesn’t reveal personal information beyond the first name or initials.

While on the surface it may seem more revealing than, say, a number-based system, it’s actually secure and more convenient. Depending on their ailment, patients can have a hard time remembering a long, multi-digit number.

Their first name, on the other hand, is something that is quickly identifiable — but only to them. Even in a highly specialized facility, calling out patients’ first names doesn’t breach privacy, reveal sensitive information or damage anyone’s reputation.

Qminder’s HIPAA compliance is the ultimate testament to this mindset.

Want to feel what it’s like to use a HIPAA-compliant queue management system? Sign up for free. You get a two-week trial, with no feature limits.